Showtime Website Found Secretly Mining Cryptocurrency; Page Might Have Been Hacked
It was recently discovered that the official website of TV network Showtime was equipped with a JavaScript that secretly mined cryptocurrency from its web visitors.
Showtime is a subsidiary of CBS.
Twitter user @SkensNet was the first one to spot the codes that indicated Showtime's and Showtime Anytime's official websites were embedded with the JavaScript that secretly mined cryptocurrency, specifically the Monero coins, after inspecting the page's source codes.
Get Our Latest News for FREE
The Twitter user suggested that the website could have been silently hacked to incorporate the JavaScript and encouraged others to look into the pages' source codes as well when they visit the sites.
This mechanism of secretly mining for crypto money was previously identified as a newer way to do the job and used a JavaScript called the Coinhive. In a post, Bad Packets Report explained: "Once a user visits the website, they unwittingly start mining the cryptocurrency Monero. This can put a tremendous load on the CPU of anyone who visits a website with the Coinhive miner on it."
While the first person to find that the Showtime website was plagued with Coinhive initially suggested the site was hacked, there is also the possibility of it being a deliberate move.
For example, earlier this month, the popular torrent site The Pirate Bay admitted they were testing the use of the same JavaScript to mine Monero so they could fund their operations without relying on advertisements.
Interestingly, the web analytics firm New Relic was mysteriously tagged in the strain of Coinhive codes found on the Showtime and Showtime Anytime websites, which could imply their involvement.
However, New Relic immediately denied that possibility as their CEO, Andrew Schmitt, told The Register: "We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline."
"Upon reviewing our products and code, the HTML comments shown in the screenshot that are referencing newrelic were not injected by New Relic's agents. It appears they were added to the website by its developers," Schmitt added.
As of Sept. 29, Showtime/CBS has yet to respond to the reports.
